Public-Private Partnerships in Critical Infrastructure Security

Robert Gerlach June 7, 2023

Critical infrastructure refers to the essential systems and assets that are vital for a functioning society, such as power grids, transportation networks, and water treatment facilities. These infrastructure components play a crucial role in our everyday lives, ensuring the smooth operation of businesses, communication, and public services. Protecting critical infrastructure from potential threats, whether natural disasters or deliberate attacks, is of paramount importance to maintain societal stability.

Public-private partnerships (PPPs) are collaborative efforts between government entities and private sector organizations to address the challenges of protecting critical infrastructure. In the realm of security, PPPs bring together the expertise, resources, and capabilities of both sectors to enhance the resilience and safeguarding of these vital systems.

The significance of public-private partnerships lies in the complementary strengths each sector brings to the table. The government possesses regulatory authority, intelligence agencies, and access to classified information, while the private sector has specialized knowledge, innovative technologies, and operational expertise. By pooling these resources and working together, PPPs can effectively mitigate risks, respond to threats, and ensure the continued functionality of the critical infrastructure.

Public-private partnerships offer numerous benefits in the context of critical infrastructure security. Firstly, they enable the sharing of threat intelligence and analysis, allowing for early detection and prevention of potential attacks. Secondly, joint planning and response efforts enhance operational resilience, ensuring that critical systems can quickly recover and adapt in the face of disruptions. Additionally, PPPs provide access to specialized expertise and resources that may not be readily available to either the government or the private sector alone. Moreover, cost-sharing arrangements between the two sectors optimize limited resources and maximize the overall security posture. Lastly, these partnerships foster public trust and confidence in critical infrastructure security, as collaboration demonstrates a unified and dedicated approach to protecting society’s vital assets.

Public-private partnerships play a vital role in securing critical infrastructure. By combining the strengths of both sectors, PPPs enhance threat detection, response capabilities, and the overall resilience of these essential systems. As the threats to critical infrastructure continue to evolve, it is imperative that governments and private entities continue to collaborate, invest in, and strengthen these partnerships to ensure the security and reliability of our modern society.

The Importance of Critical Infrastructure Security

Our modern society relies heavily on critical infrastructure systems to function smoothly. These systems, such as power grids, transportation networks, and communication systems, are like the backbone that supports our daily lives. However, they are vulnerable to various threats, including natural disasters and deliberate attacks. Understanding the importance of securing critical infrastructure is crucial to ensuring the safety and well-being of our communities.

Attacks on critical infrastructure can have severe consequences. Imagine a cyber-attack that disrupts the power grid, leaving entire cities without electricity for days or even weeks. This would impact hospitals, schools, businesses, and homes, causing chaos and putting lives at risk. Similarly, an attack on transportation networks could disrupt the flow of goods and people, affecting our ability to access essential services and causing economic turmoil.

To protect our critical infrastructure, robust security measures are essential. It is not enough to rely solely on government or private sector efforts. Both sectors must work together, combining their strengths and resources. Robust security measures involve advanced technologies, strict regulations, and effective response plans. These measures aim to prevent and mitigate potential threats, ensuring that critical infrastructure systems remain resilient and operational.

Relying solely on the government or private sector for critical infrastructure security has limitations. The government may have the authority to enforce regulations and access classified information, but it may lack the agility and innovation that the private sector offers. On the other hand, the private sector possesses specialized knowledge and cutting-edge technologies, but it may lack the authority and resources to address large-scale security challenges. Therefore, collaboration between the two sectors through public-private partnerships becomes crucial for a comprehensive and effective security approach.

The importance of critical infrastructure security cannot be overstated. Attacks on these systems can have far-reaching consequences for our daily lives and the functioning of society as a whole. Robust security measures, achieved through public-private partnerships, are necessary to protect critical infrastructure assets. By combining the strengths of the government and the private sector, we can enhance our ability to detect, prevent, and respond to threats, ensuring the resilience and continuity of our critical infrastructure systems.

Understanding Public-Private Partnerships

Public-private partnerships are cooperative arrangements between government entities and private sector organizations that work together to achieve common goals. In the context of critical infrastructure security, PPPs play a crucial role in safeguarding essential systems from potential threats and ensuring their resilience.

In these partnerships, both the government and the private sector collaborate and share responsibilities. Government entities, such as regulatory agencies and intelligence organizations, provide the necessary oversight, regulatory frameworks, and access to classified information. They play a crucial role in setting security standards, coordinating response efforts, and enforcing compliance.

On the other hand, private sector organizations bring their expertise, innovative technologies, and operational capabilities to the partnership. They possess specialized knowledge in areas like cybersecurity, infrastructure design, and risk management. They contribute by implementing security measures, conducting risk assessments, and providing resources to enhance the protection of critical infrastructure assets.

There are several successful examples of public-private partnerships in critical infrastructure security. One example is the Transportation Security Administration (TSA) in the United States, which collaborates with private airlines, airport authorities, and transportation companies to secure air travel. Through information sharing and joint security protocols, they work together to detect and prevent potential threats to airports and aircraft.

Another example is the Financial Services Information Sharing and Analysis Center (FS-ISAC), a global information-sharing platform that fosters collaboration between the government and financial institutions. It enables the exchange of intelligence, alerts, and best practices to combat cyber threats in the financial sector.

These examples demonstrate the power of public-private partnerships in critical infrastructure security. By pooling resources, expertise, and knowledge, these partnerships enhance the overall security posture, strengthen response capabilities, and protect critical infrastructure systems from various threats.

Benefits of Public-Private Partnerships in Critical Infrastructure Security

Public-private partnerships (PPPs) offer a range of benefits when it comes to securing critical infrastructure. These partnerships bring together the strengths and resources of both the public and private sectors, resulting in a more robust and effective security approach.

One key benefit of PPPs is enhanced threat intelligence sharing and analysis. Government entities and private sector organizations collaborate to exchange valuable information regarding potential threats and vulnerabilities. By sharing this intelligence, they can identify emerging risks, detect malicious activities, and respond proactively to prevent security breaches.

Another advantage of PPPs is increased operational resilience through joint planning and response efforts. By working together, the government and private sector organizations can develop comprehensive plans and strategies to address various security scenarios. They conduct drills, simulations, and exercises to test their preparedness and coordination. This collaborative approach ensures a synchronized response during crisis situations and allows for a quicker recovery and restoration of critical infrastructure systems.

Public-private partnerships provide access to specialized expertise and resources from both sectors. Government entities bring regulatory knowledge, access to classified information, and the authority to enforce security measures. On the other hand, private sector organizations contribute their technical expertise, innovative technologies, and operational capabilities. This synergy allows for the implementation of state-of-the-art security measures, the deployment of advanced technologies, and the utilization of specialized skills that might not be readily available within a single sector.

Cost-sharing and optimization of limited resources is another significant advantage of PPPs. Critical infrastructure security requires significant investments in terms of technology, personnel, and infrastructure. By pooling resources, both the government and private sector can distribute the financial burden and allocate funds efficiently. This collaboration ensures that limited resources are utilized effectively, maximizing the overall security posture of critical infrastructure systems.

Lastly, public-private partnerships strengthen public trust and confidence in critical infrastructure security. When the government and private sector actively collaborate, it sends a message of dedication and commitment to safeguarding essential systems. This transparency and unified approach build public trust, as individuals feel assured that their safety and well-being are being prioritized. Strengthened public trust fosters cooperation and encourages individuals and communities to actively participate in security initiatives.

Public-private partnerships in critical infrastructure security offer numerous benefits. They enable enhanced threat intelligence sharing, increase operational resilience, provide access to specialized expertise and resources, optimize limited resources, and strengthen public trust and confidence. By harnessing the strengths of both sectors, PPPs contribute to the overall security and resilience of critical infrastructure systems, ensuring the smooth functioning of society.

Key Challenges and Mitigation Strategies

While public-private partnerships offer numerous benefits, there are certain challenges in establishing and maintaining effective partnerships. However, these challenges can be overcome with strategic approaches and mitigation strategies.

One potential challenge is establishing trust between the government and private sector organizations. Building trust requires open and transparent communication. Regular meetings, information-sharing sessions, and collaborative platforms can facilitate the exchange of ideas and foster mutual understanding. By fostering a culture of trust, both sectors can work together more effectively towards shared goals.

Another challenge is clarifying roles and responsibilities. Each sector has its own unique strengths and expertise, and defining clear roles ensures that responsibilities are well-distributed and understood. Establishing formal agreements, memoranda of understanding, or contracts can help delineate the specific roles and expectations of each partner. Regular reviews and evaluations of these agreements can ensure that they remain up-to-date and effective.

Transparency is another critical factor for successful PPPs. It is essential to establish transparent processes and mechanisms for decision-making, resource allocation, and risk management. Open communication channels and regular updates on progress and outcomes can promote transparency. Moreover, involving stakeholders, such as local communities and relevant experts, can enhance the legitimacy and accountability of the partnership.

Addressing these challenges requires a collaborative mindset and a commitment to ongoing communication and cooperation. Regular meetings, joint training sessions, and workshops can create opportunities for interaction and relationship-building. It is also important to develop a shared understanding of the overall goals and objectives of the partnership.

Effective public-private partnerships face challenges that can be mitigated through various strategies. Fostering trust and information sharing, clarifying roles and responsibilities, and ensuring transparency are key approaches to address these challenges. By proactively addressing potential obstacles and maintaining a collaborative mindset, PPPs can overcome challenges and achieve successful outcomes in securing critical infrastructure.

Case Studies of Successful Public-Private Partnerships

Public-private partnerships have proven to be effective in enhancing critical infrastructure security. Several real-world examples demonstrate the successful collaboration between government entities and private sector organizations in safeguarding essential systems.

One notable case is the Cybersecurity and Infrastructure Security Agency (CISA) in the United States. CISA collaborates with various private sector partners, including technology companies, energy providers, and financial institutions, to protect critical infrastructure from cyber threats. Through information sharing and joint analysis, they identify vulnerabilities, develop best practices, and implement security measures. This partnership has led to improved threat detection, enhanced incident response capabilities, and the development of effective cyber defense strategies.

Another example is the Water Information Sharing and Analysis Center (WaterISAC), which is a partnership between government agencies, water utilities, and other stakeholders in the water sector. WaterISAC facilitates the sharing of information, alerts, and resources related to the security of water infrastructure. By exchanging intelligence and coordinating response efforts, they enhance the protection of water treatment facilities, dams, and distribution systems. This partnership has resulted in increased preparedness, faster response times, and the implementation of proactive security measures.

In both cases, specific strategies and initiatives have been instrumental in achieving successful outcomes. These include regular information sharing through secure platforms, joint training and exercises, and the development of sector-specific best practices and guidelines. Collaborative research and development projects have led to innovative solutions for detecting and preventing threats. Moreover, the establishment of formalized communication channels and governance structures ensures effective coordination and decision-making within the partnerships.

The outcomes of these partnerships have been significant. They have contributed to the prevention of cyber-attacks, improved incident response times, and strengthened the overall security posture of critical infrastructure systems. The collaborations have also fostered a culture of shared responsibility, where both the government and private sector actively contribute their expertise and resources to protect vital infrastructure.

These case studies highlight the effectiveness of public-private partnerships in enhancing critical infrastructure security. By working together, governments and private sector organizations can address the complex challenges posed by evolving threats. The success of these partnerships serves as a model for future collaborations, emphasizing the importance of shared efforts in ensuring the resilience and protection of critical infrastructure systems.

Conclusion

As noted, Public-private partnerships play a crucial role in ensuring the security and resilience of critical infrastructure. Throughout this article, we have explored the significance of PPPs, their benefits, challenges, and successful case studies. It is evident that these partnerships are essential for safeguarding the systems that are vital to our everyday lives.

The importance of public-private partnerships in critical infrastructure security cannot be overstated. The collaboration between government entities and private sector organizations brings together regulatory authority, specialized knowledge, innovative technologies, and operational expertise. By combining these resources, PPPs enhance threat detection, response capabilities, and the overall resilience of critical infrastructure systems.

To ensure the continued protection of critical infrastructure, it is crucial that governments and private entities continue to collaborate and invest in these partnerships. Threats to critical infrastructure are constantly evolving, requiring ongoing adaptation and innovation. By fostering trust, clarifying roles, ensuring transparency, and sharing information, PPPs can address these challenges effectively.

Looking ahead, the future of public-private partnerships in safeguarding critical infrastructure is promising. As technology advances and threats become more sophisticated, PPPs will continue to be at the forefront of security efforts. The development of new frameworks, technologies, and best practices will further strengthen these partnerships. By harnessing the collective expertise and resources of both sectors, we can enhance the security, resilience, and reliability of critical infrastructure for the benefit of society as a whole.

In conclusion, public-private partnerships are crucial for protecting critical infrastructure. The collaboration and investment in these partnerships will contribute to a safer and more resilient future, ensuring the continued functionality of the systems that underpin our modern society. By working together, we can successfully navigate the challenges and threats that lie ahead, securing a sustainable and secure future for critical infrastructure.

Resistance vs. Resilience

Robert Gerlach April 24, 2017

The purpose of this article is to compare and contrast the terms resistance and resilience. For the analysis, this article will investigate ways in which United States homeland security strategies have succeeded and failed to promote resilience. This analysis will continue with a case study of the Aurora, Colorado Theater Shooting to demonstrate community resilience. Concluding the paper, an analysis of the Hempfield Emergency Management Agency and its’ elements of resilience will be explored.

Resilience versus Resistance

The Federal Emergency Management Agency (2001) defines disaster resistance as “taking an action that will reduce or prevent the impact of disaster” (p. 9). That definition from the federal government illustrates the confusion of resistance versus resilience, but also shows how these two actions work hand in hand. 

Resistance strategies are those that are to prevent or protect, while resilience is the actions of response and recovery (Longstaff et al, 2010). Resistance is attempting to “prevent or stop disruptive events from happening,” while resilience is the “ability . . . to absorb, change, and still carry on” (Longstaff et al, 2010, p. 3). Both of these concepts work hand-in-hand to make an asset less vulnerable to threats.  While resistance is the hardening of the asset from an attack, resilience is the ability to continue to function after the attack with minimal negative effects.

For example, cyber systems are always under attack by hackers. To be resistant to attacks there are firewalls, anti-virus software, and other protection systems. Because resistant systems are not 100 percent effective, a resilience strategy must be employed. An example of a resilience strategy with cyber systems is the periodic backing up of data at an off-site location that is not connected to the internet.

For illustration, the Indiana County (Pennsylvania) Emergency Management Agency (ICEMA) employs both methods to ensure the continued operations of the agency in the event of a physical or cyber-attack. At a pre-determined interval, the physical data hard drives on the organization server are backed up to a secondary drive (B. Lygus, personal communication, September 5, 2016). This ensures that if there is an issue, the data can be almost immediately replaced in the event of a cyber-attack.  Additionally, to protect from a physical attack, the data is also stored at an off-site location (B. Lygus, personal communication, September 5, 2016).  The use of passwords, firewalls, and other security software and hardware are examples of resistance strategies of the ICEMA.  The periodic backing up of data on and off-site are examples of the resilience strategies of the ICEMA. 

The events of September 11, 2001, showed the leaders of the United States that the resistance and resilience strategies of the Cold War era are not appropriate for the new threat of global terrorism. Therefore, the Office of Homeland Security was established to assist in coordinating anti-terrorism efforts. The Homeland Security Act of 2002 elevated the Office of Homeland Security to become the Department of Homeland Security (Department of Homeland Security, 2015). The creation of the Department of Homeland Security brought together 22 agencies in response to the failures to prevent the 9/11 attacks (Purpura, 2007). “The DHS was created primarily because of criticism that the 9/11 attacks could have been prevented if federal agencies had an improved system of cooperating with each other and sharing intelligence” (Purpura, 2007, p. 130). 

United States Homeland Security Strategies

In order to better protect the homeland, the US. Northern Command was created on April 22, 2002. The U.S. Northern Command was created to coordinate military operations over the North American continent and “provide assistance to U.S. civil authorities as directed” (Jordan, Taylor, Meese, J., & Neilsen, 2009, p. 139).

On October 26, 2001, President George Bush signed the USA PATRIOT Act into law (Kashan, 2010). The intent was to fill the gaps in the intelligence community which resulted in the September 11 attacks (Waxman, 2009). The USA PATRIOT Act provided the powers for the:

  • indefinite detentions of immigrants;
  • the permission is given to law enforcement officers to search a home or business without the owner’s or the occupant’s consent or knowledge;
  • the expanded use of National Security Letters, which allows the Federal Bureau of Investigation (FBI) to search telephone, e-mail, and financial records without a court order; and
  • the expanded access of law enforcement agencies to business records, including library and financial records. (USE PATRIOT Act, 2001).

In 2004, the National Counter-terrorism Center was established by The Intelligence Reform and Terrorism Prevention Act of 2004 (Purpura, 2007). This was in response to the investigation of the September 11 attacks which revealed that all the pieces of the puzzle were present to prevent the attacks, but due to the lack of sharing between the organizations, not one agency had all the pieces. 

In 2005, the Office of the Director of National Intelligence (DNI) was established (Office of the Director of National Intelligence, n.d.). The DNI is hypothetically to be the final decision maker within the intelligence community, but they do not fully possess the ability to impose their day-to-day priorities on the individual intelligence agencies (Lowenthal, 2015, p. 73). 

These examples of the actions of the United States illustrate primarily resistance strategies to protect the country. To promote resilience, the Department of Homeland Security developed the “Ready.gov” initiative. Created in 2003, “Ready is a national public service advertising (PSA) campaign designed to educate and empower Americans to prepare for and respond to emergencies including natural and man-made disasters” (DHS, n.d.). The purpose of the Ready.gov campaign is to provide information to citizens and businesses to make them self-sufficient for at least 72 hours in the event of an emergency or disaster. This strengthens the community and creates resilience.  The core processes were noted to work towards business resilience and therefore the Ready Business was developed and launched in 2004 (DHS, n.d.). 

Case Study

On July 20, 2012, at 12:05 a.m. the movie The Dark Night Rises starts at the Century 16 Movie Theaters in Aurora, Colorado (KABC-TV, 2012). At 12:39 a.m. the 911 center became overwhelmed with hundreds of calls reporting the shooting. James Eagan Holmes had a ticket for the movie and entered the theater normally. After the movie started, Holmes left through an emergency exit and blocked the door so he could regain entry to the theater (KABC-TV, 2012). “[H]e donned riot gear and re-entered the theater, tossed two gas canisters and began shooting into the crowd at about 12:38 a.m.” (KACB-TV, 2012). Police arrived within 90 seconds and at 12:45 a.m. James Eagan Holmes was arrested outside the theater (KABC-TV, 2012). A total of 12 people died and another 58 were injured from the event.

A civil lawsuit claims that “theater employees failed to check doors, and lacked closed-circuit television cameras that would have allowed them to spot trouble” (Aurora Sentinel, 2016). The emergency exit did not have any alarm to trigger theater staff (Roberts, 2016). Furthermore, there was not any extra security for the opening night which was expected to draw at least 1,000 people, and no guards were armed (Aurora Sentinel, 2016). It was noted that “He [James Eagan Holmes] picked this location because of the lack of security” as he had scoped the location multiple times, taking pictures and notes (Aurora Sentinel, 2016). 

While adding alarms to the emergency doors and video surveillance of the theater and grounds are examples of resistance. The measure of them are examples of robustness. The volume of the emergency door alarm or even automatic monitoring company alerting is an example of a more robust system. Furthermore, adding to the number of security officers makes the system more robust. Finally, adding armed security is another layer of robustness that could be measured.

Conclusion

The Hempfield Township Emergency Management Agency (HEMA) has initiated multiple strategies to promote resilience with its organization, the Township government, and both the residential and commercial community (R. Gerlach, personal communication, September 11, 2016).

First, the organization has developed an Emergency Operations Plan (EOP) that is reviewed, and revised as needed, every two years. This review is performed by a committee representing those who would be operating during an emergency; which includes Township Administration, Public Works, Emergency Medical, Firefighting, and Law Enforcement. To aid the planning process, a hazard vulnerability assessment is performed to determine and analyze old threats and identify possible new threats. In addition to the EOP, HEMA has developed a Continuity of Government plan and a Disaster Recovery plan. These plans provide activities and strategies primarily for resilience.

To ensure the operations of the Township and the Emergency Operations Center, various duplicated equipment is stored in multiple locations throughout the Township. Furthermore, HEMA has identified a secondary EOC and two tertiary EOCs. All of them are turn-key and ensure that Emergency Operations can be coordinated in the event the primary EOC is compromised. Furthermore, the primary and all alternative EOCs have back-up power systems that can survive at least 72 hours before requiring fuel. These activities are examples of resistance.  

The Hempfield Township Emergency Management Agency embraces the whole community approach to emergency management. The whole community approach recognizes “that a government-centric approach to disaster management will not be enough to meet the challenges posed by a catastrophic incident” (FEMA, 2011, p. 2).

“Whole Community is a means by which residents, emergency management practitioners, organizational and community leaders, and government officials can collectively understand and assess the needs of their respective communities and determine the best ways to organize and strengthen their assets, capacities, and interests. By doing so, a more effective path to societal security and resilience is built. In a sense, Whole Community is a philosophical approach on how to think about conducting emergency management” (FEMA, 2011, p. 3).

In order to better serve the community it protects, HEMA has engaged both the commercial and residential communities (R. Gerlach, personal communication, September 11, 2016). One aspect of this engagement is through the internet with social media (Facebook and Twitter) and the ReadyHempfield.org campaign. Similar to the Ready.gov campaign, ReadyHempfield.org is focused on the specific needs and demographics of Hempfield Township. Furthermore, social media is used not only to educate the community about emergency preparedness; weather alerts and other information are communicated via this medium.

Finally, HEMA also engages its community directly. It completes this by providing speakers to organizations to educate about the agency and emergency preparedness. HEMA also participates in multiple functions throughout the year in which it sets up an educational booth.

References

Infrastructure Grades and Disaster Trends

Robert Gerlach September 27, 2016

The purpose of this article is to investigate the current state of critical infrastructure in the United States based on data from the American Society of Civil Engineers (ASCE). Using the information from the ASCE website, this article evaluates how the state of our critical infrastructure impacts our national security. Furthermore, what can we as a country do about this problem and how we compare to the rest of the world will be analyzed. Finally, this article will examine how our critical infrastructure is tied to cyber systems networks and security.

“Critical infrastructure is the backbone of our nation’s economy, security, and health” (U.S. Department of Homeland Security, 2013) and any “[i]mpact on and others will feel it” (Macaulay, 2008, p.1). In other words, our lives rely on the dependability of critical infrastructure, and due to how interlinked our infrastructure is, the failure of one may affect them all. The security of our critical infrastructure is paramount. When discussed in the field of homeland security and emergency management, protecting our critical infrastructure is tied to a disaster, whether manmade (terrorism) or natural. Based on the data from the American Society of Civil Engineers, there may be a different “manmade” impact, otherwise known as neglect. The I-35 bridge collapse in Minnesota was an example of this neglect. As a result of deterioration, degradation, and neglect the bridge became a “crumbling infrastructure” and the collapse was the “cataclysmic result of its failure” (Martin, 2008, p. 41).

In 2009, the critical infrastructure in the United States was graded and received 11 D’s and 4 C’s and these practically failing grades illustrate that the systems we rely on for everyday activities are becoming inadequate or even dangerous (American Society of Civil Engineers, 2009). As previously mentioned, our critical infrastructure is interconnected and an impact from one sector can severely impact another sector or all sectors. This would cripple the country and possibly others. This was evident on September 11th when a man-made disaster, terrorism, impacted not only the Transportation Sector but many others. The impact also illustrated how our critical infrastructure is tied to and reliant upon cyber systems networks and security.

Due to the incident of September 11, 2001, air traffic was halted over the United States for weeks and severely impacted the Communication Sector, Commercial Facilities Sector, and the Food and Agriculture Sector. These impacts than had a direct effect on Critical Manufacturing, Emergency Services, Energy, Financial Services, and Government Facilities sectors. One event crippled the nation directly affecting at least nine of sixteen sectors of critical infrastructure. The others most likely had some negative impact from the events of September 11th. Our national security is reliant on the protection of the critical infrastructure. 

In our current economic and political climate, blame is what is sought after, but this detracts from the more important mission; fixing the problem. The neglect our infrastructure has received is an example of what Martin (2008) recognized “[u]nderlying the increase in disaster vulnerability is an interrelated global process that includes population growth, rapid urbanization, international financial pressures, land degradation, global environmental change, and war” (p. 41). What is needed is money, but again that is not popular in the current economic and political climate.

According to Merriam-Webster, the definition of mitigate is “to make more bearable or less severe.” This is the action that must be taken to improve our neglected and decaying critical infrastructure. Spending money upfront on floodplain management has been shown to save the country more than $1 billion in damages every year (Federal Emergency Management Agency, 2012). Imagine the savings from mitigating and protecting our other critical infrastructure. Europe uses 5% of its GDP towards infrastructure; China, 9%; but the United States spends just 2.4% (ASCE, 2009). Increasing our spending on these activities will save us more money in the long run. A study by the Multihazard Mitigation Council showed that for every dollar we put towards the mitigation of hazards save on average $4. So, the question is whether to spend millions now or billions later.

Attention for protecting our critical infrastructure is focused outward, towards an attack or natural disaster. Unfortunately, the problem may come from within. Our own neglect of upkeep and upgrading of systems, technology, and structure. As already illustrated, an event that impacts one sector of critical infrastructure does not stay only with that sector, many others or all are impacted. These impacts can bring our economy and society to a halt, thus negatively impacting our national security. As a society, we need to be ready to invest now in our critical infrastructure or be ready to spend significantly more in the future.

References

American Society of Civil Engineers. (2009). 2009 Report card for America’s infrastructure. American Society of Civil Engineers. Retrieved from http://www.asce.org/Infrastructure/Report-Card/2009-Report-Card-for-America-s-Infrastructure/

Federal Emergency Management Agency. (2012). Mitigation’s value to society. Retrieved from http://www.fema.gov/media-library-data/20130726-1621-20490-9581/mitigationvaluetosociety_2012.pdf

Macaulay, T. (2008). Critical infrastructure: Understanding its component parts, vulnerability, operating risks and interdependencies. Boca Raton, FL: CRC Press.

Martin, D. (2008). Bridging emergency management: A professional assessment of the Minneapolis bridge collapse and other infrastructure failures. Journal of Emergency Management, 5(6), 41–44.

U.S. Department of Homeland Security. (2013, November 1). What is critical infrastructure? Retrieved October 24, 2014, from http://www.dhs.gov/what-critical-infrastructure